 Post subject: Crimeware friendly ISP's: Eveloz
PostPosted: Wed Jan 13, 2010 1:24 am 
Crimeware friendly ISP's: Eveloz (AS27716, 200.63.40.0/21, 200.63.48.0/23, 190.5.224.0/22)

Quote:
The topic today is blackhat SEO, fake AVs and phishing. The culprit responsible for this boatload of maliciousness is Eveloz (AS27716).

Eveloz has 3 upstream providers, namely;

AS11556 PA-CAPA2-LACNIC Cable-Wireless Panama
AS14551 ALTERNET-SA-AS UUNET Technologies
AS23520 NEWWORLDNETWORK New World Network USA, Inc.

Eveloz is also directly related to Panamaservers.com, an ISP with a history of badness. This blog isn't appropriate for that however, so I'll go into that at a later date.

You'll note, I've blogged recently (as have others) about the blackhat SEO campaigns on Google (and there are similar campaigns on the other search engines). Most of these have one thing in common - the redirector. The most recent redirector or MITM (Man in the middle) is protectcareone.net, which resides at 200.63.46.130. This domain uses the following redirs;


http://hphosts.blogspot.com/2009/12/cri ... 27716.html

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



 Post subject: Re: Crimeware friendly ISP's: Eveloz
PostPosted: Tue Apr 06, 2010 3:33 am 
Crimeware friendly ISPs: Eveloz - A continuation

Quote:
I said I'd get back to this, and I am (finally). If you read the previous article concerning Eveloz, you'll already be familiar with the back story concerning them, so let's continue.

I've been monitoring Eveloz for quite some time now, as they've seemingly decided to be rather open about their provision of a haven for criminals, and things haven't stopped, changed or errr, well gotten anything but worse really.

The latest domain to surface on their network is longsignups.net, which is serving as a middle man for the fake AV crowd. The domain's registrar (Alantron BLTD, alantron.com) apparently doesn't want anyone accessing their WhoIs from anywhere except their own site, so although likely faked, the owner is listed as;


http://hphosts.blogspot.com/2010/04/cri ... veloz.html

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



hpHosts and hpHosts Online are copyright © Malwarebytes Corp - All Rights Reserved
